Thank you, Quinn. The use case here is that we provide VPN client (TLS-based) to users who connect to their own servers. Some of the server certificates may not be properly generated (e.g. self-signed, lacking SAN, wrong key usages etc.). The VPN client performs standard TLS verification in the first place but allows ignoring certificate errors. It is now a deal-breaker if some errors can't be ignored.

[quote='834973022, DTS Engineer, /thread/780430?answerId=834973022#834973022'] The TLS policy has long has errors that can’t be ignored. [/quote] Well, I am afraid that's not like what we have observed. By using sec_protocol_options_set_verify_block() as in the sample, we are able to ignore the 825 days error, self-signed cert, etc.

[quote='782536021, QQV5, /thread/782536, /profile/QQV5'] What are the key changes introduced in iPadOS 18.4 regarding HTTPS connections? [/quote] It's here. https://support.apple.com/en-us/121158